Commit Graph

1072 Commits

Author SHA1 Message Date
attis
150634f087 Label sysfs node power_mode as sysfs_display.
Label power_mode to sysfs_panel to let it be allowed in dumpstate.

avc log:
08-26 13:07:49.660 12467 12467 W dump_display: type=1400 audit(0.0:19): avc:  denied  { read } for  name="power_mode" dev="sysfs" ino=89753 scontext=u:r:dump_display:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 bug=b/350831939

Test: ls -Z, adb bugreport.
Flag: EXEMPT bugfix
Bug: 358505990
Change-Id: I9feeb2a8270f89d214f7d765893364d0e73f7d39
Signed-off-by: attis <attis@google.com>
2024-09-02 04:54:13 +00:00
samou
a8d35041b3 sepolicy: gs201: fix bm selinux
- add odpm scale value path
- add gpu cur_freq

Flag: EXEMPT refactor
Bug: 349935208
Change-Id: Ie053ead11eae4abdd0a30f74117d9c3e00eedf53
Signed-off-by: samou <samou@google.com>
2024-08-23 10:58:20 +00:00
samou
5e0dca971a sepolicy: remove dump_power_gs201.sh
Flag: EXEMPT refactor
Bug: 349935208
Change-Id: I3c0f48d00d312ef19677fe5ef9f080f063408667
Signed-off-by: samou <samou@google.com>
2024-08-23 10:58:20 +00:00
Xiaofan Jiang
e8d359e8d4 Revert "Revert "gs201: update shared_modem_platform sepolicy for..."
Revert submission 28822848-revert-28762313-SAYUORWKVG

Reason for revert: issue identified and fix is ready

Reverted changes: /q/submissionid:28822848-revert-28762313-SAYUORWKVG

Change-Id: Iae3ca282426fca573b4c42355e1b46eaa74d3c58
2024-08-15 19:25:28 +00:00
Priyanka Advani (xWF)
e1a2549168 Revert "gs201: update shared_modem_platform sepolicy for UMI"
Revert submission 28762313

Reason for revert: Droidmonitor created revert due to b/360059249.

Reverted changes: /q/submissionid:28762313

Change-Id: I0fc3d7d99b999eedf7e3948afb58fd962045f1e1
2024-08-15 18:30:25 +00:00
Xiaofan Jiang
b958dd13ad gs201: update shared_modem_platform sepolicy for UMI
Bug: 357139752

Flag: EXEMPT sepolicy

[   68.189198] type=1400 audit(1722986580.568:59): avc:  denied  { unlink } for  comm="binder:892_2" name="modem_svc_socket" dev="dm-52" ino=20239 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1
[   68.189448] type=1400 audit(1722986580.568:60): avc:  denied  { create } for  comm="binder:892_2" name="modem_svc_socket" scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:radio_vendor_data_file:s0 tclass=sock_file permissive=1

Change-Id: I0bbef83a3915e4c0e284296bc5b59e0ce6cf6f15
2024-08-15 04:01:03 +00:00
Kevin Ying
3c082cdefd Allow camera HAL to access power_state sysfs
08-03 01:41:34.444   791   791 W TaskPool: type=1400 audit(0.0:178): avc:  denied  { read } for  name="power_state" dev="sysfs" ino=86770 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 339690296
Test: Open camera under SELinux enforcing mode, no display avc error
Flag: EXEMPT resource update only
Change-Id: Ic0f2d149cbcd8a3da5035f6d2788b4548523bbd6
Signed-off-by: Kevin Ying <kevinying@google.com>
2024-08-09 17:40:00 +00:00
Wilson Sung
3e1197bafb Add kernel vendor_fw_file dir read permission
07-31 05:35:39.208 885 885 W binder:885_5: type=1400 audit(0.0:125): avc: denied { read } for name="firmware" dev="dm-7" ino=48 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_fw_file:s0 tclass=dir

Fix: 356530883
Flag: EXEMPT bugfix
Change-Id: I1bb8fcfc952c69c991fd978a617eb92558817267
2024-08-02 09:18:50 +00:00
Daniel Chapin
e825da7d84 Revert "trusty: storageproxy: add fs_ready_rw property context"
Revert submission 28318041-rw_storage

Reason for revert: Droidfood blocking bug b/355163562

Reverted changes: /q/submissionid:28318041-rw_storage

Change-Id: Ifa22c1551e75dd5161a19c5fb5cb372fe669921c
2024-07-24 20:17:20 +00:00
Mike McTernan
27df5480c4 trusty: storageproxy: add fs_ready_rw property context
Flag: EXEMPT bug fix
Bug: 350362101
Test: ABTD
Change-Id: I2d6d1ab8dbd60c21a16cadc26c5e4d5d290df42d
2024-07-23 10:02:20 +00:00
Carl Tsai
e1d272f6c9 Add to allocate a security context for panel_pwr_vreg
type=1400 audit(1719903781.812:18): avc:  denied  { read } for  comm="dump_display" name="panel_pwr_vreg" dev="sysfs" ino=87631 scontext=u:r:dump_display:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 350831939
Test: run pts -m PtsSELinuxTestCases -t com.google.android.selinux.pts.SELinuxTest#scanBugreport to check the test is Pass
Flag: EXEMPT bugfix
Change-Id: Ib03479bece87f26f48d6998dfd9b2dd84d439204
2024-07-16 08:02:09 +00:00
Aaron Tsai
b05833237c Add permission for setting gril property
05-22 18:00:40.443   948   948 I auditd  : type=1400 audit(0.0:854): avc:  denied  { write } for  comm="radioext@1.0-se" name="property_service" dev="tmpfs" ino=851 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0

Bug: 343012301
Bug: 203824024
Test: manual test
Flag: EXEMPT bugfix
Change-Id: Ie873e186d3eda618ba832164d9c9713b410977d2
2024-07-05 08:05:01 +00:00
Chaitanya Cheemala
9d3f39622c Revert "SELinux: fix avc denials"
This reverts commit d1fe9f8f80.

Reason for revert: Likely culprit for b/340511525  - verifying through ABTD before revert submission. This is part of the standard investigation process, and does not mean your CL will be reverted.

Change-Id: I65790202886298f9862d68d65cf794e67db5a878
2024-05-14 15:07:58 +00:00
Ken Yang
d1fe9f8f80 SELinux: fix avc denials
Bug: 338332877
Change-Id: I5fb0a73cdc0d276ec14e55906c9bbd9c6875c786
Signed-off-by: Ken Yang <yangken@google.com>
2024-05-14 05:14:55 +00:00
chenkris
5a1bb0df6e Allow fingerprint to access the folder /data/vendor/fingerprint
Fix the following avc denial:
android.hardwar: type=1400 audit(0.0:20): avc:  denied  { write } for  name="fingerprint" dev="dm-56" ino=36703 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=dir permissive=0

Bug: 267766859
Test: Tested fingerprint under enforcing mode
Change-Id: I11c465fe89fcbfa7d9132ccee1c7666d1cd75a24
2024-05-08 08:46:26 +00:00
Enzo Liao
66254ad14d Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common.
New paths (ag/26620507):
  RamdumpService: device/google/gs-common/ramdump_app
  SSRestartDetector: device/google/gs-common/ssr_detector_app

Bug: 298102808
Design: go/sys-software-logging
Test: Manual
Change-Id: I57f9b8b77aa070ad2216cae1e84630a26a03618d
2024-04-11 02:03:11 +00:00
kadirpili
60c66448ef gs201: telephony property for cbd
Bug: 315104803
Change-Id: I2560871e9477a5f8dcd9519b6c60353e89c5df82
2024-04-01 05:12:58 +00:00
Hungyen Weng
2b9b7cc688 Allow modem_svc to access modem files and perfetto
Bug: 330730987

Test: Confirmed that modem_svc is able to access token db files in modem partition
Test: Confirmed that modem_svc can send traces to perfetto

Change-Id: Id50a1fc3b343be9eec834418638c689d8ea56b35
2024-03-22 23:53:34 +00:00
Spade Lee
596f6ab199 pixelstats_vendor: add logbuffer_device r_file_perms
avc: denied { read } for name="logbuffer_maxfg_monitor" dev="tmpfs" ino=1034 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=0

Bug: 329174074
Test: no denied log, and able to read logbuffer in pixelstats_vendor
Change-Id: Ia591a091fe470c2c367b80b8f1ef9eea6002462c
Signed-off-by: Spade Lee <spadelee@google.com>
2024-03-22 07:30:26 +00:00
Spade Lee
269f1640d8 sepolicy: allow kernel to search vendor debugfs
audit: type=1400 audit(1710259012.824:4): avc:  denied  { search } for  pid=128 comm="kworker/3:1" name="max77779fg" dev="debugfs" ino=24204 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_maxfg_debugfs:s0 tclass=dir permissive=0
audit: type=1400 audit(1710427790.680:2): avc:  denied  { search } for  pid=10 comm="kworker/u16:1" name="gvotables" dev="debugfs" ino=10582 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_votable_debugfs:s0 tclass=dir permissive=1
audit: type=1400 audit(1710427790.680:3): avc:  denied  { search } for  pid=211 comm="kworker/u16:4" name="google_charger" dev="debugfs" ino=16673 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_charger_debugfs:s0 tclass=dir permissive=1

Bug: 328016570
Bug: 329317898
Test: check all debugfs folders are correctly mounted
Change-Id: I7ca3804056bbfd8459bac2c029a494767f3ae1a6
Signed-off-by: Spade Lee <spadelee@google.com>
2024-03-20 18:17:15 +00:00
Sungtak Lee
9088b1a9be Add AIDL media.c2 into service_contexts
Bug: 321808716
Change-Id: Ib2426b1997517b23d1301f3a1a30d9029d129971
2024-03-05 06:16:54 +00:00
Peter Lin
1c7d8f80f2 add dsim wakeup labels
Bug: 322035303
Bug: 321733124
test: ls sys/devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/wakeup -Z
Change-Id: Ifcf73176620f44743a8aa252f8afed85c3af475c
2024-03-04 03:02:14 +00:00
Will McVicker
9be1081f00 Update tcpm i2c sepolicy with new device name
The new name fixes uninformative kernel wakelock names.

Bug: 315190967
Bug: 323447554
Change-Id: I88ecec344fd1eb84c5ca12a6bd3fad38cc40295b
2024-02-22 17:54:36 +00:00
Lei Ju
967204e373 [gs201] Use common settings for Contexthub HAL
The change also labeled files under /data/vendor/chre/ to grant
required access.

Test: compilation
Bug: 248615564
Change-Id: Ia96b7a592523e7b5e64acb8cb7ae4f0f1fc3a78b
2024-02-18 11:43:27 -08:00
Jacky Liu
28c042f51a Update i2c device paths
Update i2c device paths with static bus numbers.

Bug: 323447554
Test: Boot to home
Change-Id: I3d41e1819aa7df896322a0dca44449c1e871dff8
2024-02-06 16:16:53 +00:00
Darren Hsu
1f8b299ace sepolicy: allow hal_power_stats to read sysfs_display
avc:  denied  { read } for  name="available_disp_stats"
dev="sysfs" ino=76162 scontext=u:r:hal_power_stats_default:s0
tcontext=u:object_r:sysfs:s0 tclass=file permissive=0

Bug: 317767775
Test: dumpsys android.hardware.power.stats.IPowerStats/default
Change-Id: I272f69f4c4720eb4800a8a13ef62e1ab34cbaedf
Signed-off-by: Darren Hsu <darrenhsu@google.com>
2024-01-29 05:59:52 +00:00
Jack Wu
f32bd56cb0 dontaudit on dir search for vendor_charger_debugfs
Bug: 307863370
Change-Id: I6da7b9426cdcc6152ff05ef7cd0cf18b718ab875
Signed-off-by: Jack Wu <wjack@google.com>
2024-01-26 20:13:23 +08:00
Ken Yang
f1c2498079 selinux: label wakeup for BMS I2C 0x36, 0x69
Bug: 319035561
Change-Id: I45a80157d2a1d12a27a748aed31bb0ae5b08e7b5
Signed-off-by: Ken Yang <yangken@google.com>
2024-01-10 06:12:19 +00:00
wenchangliu
997782c603 gs201: move mediacodec_samsung sepolicy to gs-common
Remove mediacodec_samsung sepolicy in legacy path since we will include it from gs-common.

Bug: 318793681
Test: build pass, camera record, youtube
Change-Id: I08a9ce89155324b0ac749bde4a9d205585a57320
Signed-off-by: wenchangliu <wenchangliu@google.com>
2024-01-09 14:49:56 +00:00
Chi Zhang
c45f36f10e Allow GRIL to get power stats.
SELinux : avc:  denied  { find } for pid=3147 uid=10219 name=android.hardware.power.stats.IPowerStats/default scontext=u:r:grilservice_app:s0:c219,c256,c512,c768 tcontext=u:object_r:hal_power_stats_service:s0 tclass=service_manager permissive=1

Bug: 286187143
Test: build and boot
Change-Id: I4588708267fc0f582c767a93e5a422a6e40b6369
2023-12-19 12:21:45 -08:00
Jenny Ho
04bc1d210a sepolicy: add read wlc sysfs permission
12-12 18:33:17.960000  1000   906   906 I auditd  : type=1400 audit(0.0:10): avc:  denied  { read } for  comm="android.hardwar" name="type" dev="sysfs" ino=75851 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:sysfs_wlc:s0 tclass=file permissive=0

Bug: 306534100
Change-Id: I3381aaa1e08637c1cc8eb278bd775c81b32ed3bd
Signed-off-by: Jenny Ho <hsiufangho@google.com>
2023-12-13 07:31:13 +00:00
Boon Jun Soh
a4fa4427bc Fix rlsservice sepolicy
Allows bugreport generation

Bug: 315255760
Bug: 309379465
Test: adb bugreport & ensure lack of rls avc denied logs
Change-Id: Ic390d6ddd6bac78e5979c78bc6d02262f08b3468
2023-12-11 07:30:24 +00:00
David Drysdale
eca39285c5 Add Secretkeeper HAL
Test: VtsAidlAuthGraphSessionTest
Bug: 306364873
Change-Id: I84d4098960d6445da1eb7e58e25a015cd591d6b3
2023-12-06 10:21:00 +00:00
Jason Chiu
e2d9795558 gs201: move sepolicy related to bootctrl hal to gs-common
Bug: 265063384
Change-Id: I30a71900c2a305b05ae6e17d658df32d95097d14
Signed-off-by: Jason Chiu <jasoncschiu@google.com>
2023-12-05 01:21:53 +08:00
Khoa Hong
a2847d4475 Suppress avc error log on debugfs's usb folder.
The XHCI driver in the kernel will write debugging information to DebugFS on
some USB host operations (for example: plugging in a USB headphone). We
are not using that information right now.

Bug: 305880925
Bug: 311088739
Test: No error when plugging a USB headphone in.
Change-Id: I3b53a3924a1fb3f2a37b0d8a1ae9df037cbc1dd2
2023-11-30 14:59:09 +08:00
Randall Huang
2bd12254f4 Move sg_device related policy
Bug: 312582937
Test: make selinux_policy
Change-Id: I18617643e66d6d2fe5ff19e440dea204206b3035
Signed-off-by: Randall Huang <huangrandall@google.com>
2023-11-22 14:16:38 +08:00
Alex Iacobucci
8f30df1dcf aoc: add sysfs file entry
Test: on device
Bug: 309950738
Change-Id: Ie5437a02b3a4f69d05ecb274169b4bd328315a22
Signed-off-by: Alex Iacobucci <alexiacobucci@google.com>
2023-11-20 20:22:25 +00:00
Devika Krishnadas
3b40f18e29 Add Pixel Mapper as a sp-HAL
Bug: 267352318

Change-Id: I460f379d8d6904f5bda3f67a7158c0ac6f2e7b5f
Signed-off-by: Devika Krishnadas <kdevika@google.com>
2023-11-20 18:17:26 +00:00
Kyle Tso
7411947a02 dontaudit on dir search for vendor_votable_debugfs
Bug: 305880925
Bug: 309379994
Change-Id: I7317bdb4ec80eb73a57cbb924d3132579e0b4f98
Signed-off-by: Kyle Tso <kyletso@google.com>
2023-11-17 05:22:09 +00:00
Daniel Norman
b204558a73 Removes duplicate hidraw_device type definition.
This type is now defined by the platform.

Bug: 303522222
Change-Id: Ia2f817ce99548c30f39a5164c8f6ec323db66155
Test: ls -z /dev/hidraw0
2023-11-10 22:52:26 +00:00
Mike Wang
551b83f7c5 Change the MDS to platform app in selinux ap context.
The MDS will be signed with the platform key and become a platform app. To
make the selinux rules for modem_diagnostic_app work, it needs to be set to
platform app in the app context.

Bug: 287683516

Test: Tested with both dev-key and platform-key signed MDS apps, and the selinux rules work.
Change-Id: Ia0dacafc5e096c101e115b7356d8490391cb6bbd
2023-11-08 05:23:35 +00:00
Rick Chen
e22b188d9d sensors: Move USF related sepolicy to gs-common.
Bug: 305120274
Test: Compile pass. Flash the build to WHI_PRO devices and no sensor
      related avc denied log.
Change-Id: I48d959d439565e9c31ce83812bf29b6d8025c35b
Signed-off-by: Rick Chen <rickctchen@google.com>
2023-11-07 06:49:05 +00:00
Mike Wang
ac39f865e1 Add selinux policy change to allow MDS to access Samsung OemRil hal.
Bug: 301641283

selinux log:
11-03 15:32:38.850  2643  2643 I auditd  : type=1400 audit(0.0:1616): avc:  denied  { call } for  comm="binder:2643_3" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds
11-03 15:32:38.850  2643  2643 I binder:2643_3: type=1400 audit(0.0:1616): avc:  denied  { call } for  scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds
11-03 15:32:38.854  2643  2643 I auditd  : type=1400 audit(0.0:1617): avc:  denied  { transfer } for  comm="binder:2643_3" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds
11-03 15:32:38.854  2643  2643 I binder:2643_3: type=1400 audit(0.0:1617): avc:  denied  { transfer } for  scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds
11-03 15:32:38.854  1095  1095 I auditd  : type=1400 audit(0.0:1618): avc:  denied  { call } for  comm="HwBinder:1095_1" scontext=u:r:rild:s0 tcontext=u:r:modem_diagnostic_app:s0:c512,c768 tclass=binder permissive=1
11-03 15:32:38.854  1095  1095 I HwBinder:1095_1: type=1400 audit(0.0:1618): avc:  denied  { call } for  scontext=u:r:rild:s0 tcontext=u:r:modem_diagnostic_app:s0:c512,c768 tclass=binder permissive=1

Change-Id: I62986e4bb0a4ed04616f8f3a8521f01934e63d74
2023-11-06 02:30:52 +00:00
JimiChen
4f1d96210d Update SELinux policies for rlsservice
1. Move rls_service context from vndservice_contexts to
   service_contexts.
2. Allow binder calls from rlsservice to servicemanager
3. Change rls_service type from vndservice_manager_type to
   service_manager_type.

Bug: 301520085
Test: GCA
Change-Id: Ief845b5691487f48d570c531de1ea99945087e42
2023-11-03 03:33:52 +00:00
George Lee
435e0aafa8 pixelstats: Add Brownout Detection sepolicy
Bug: 307392882
Test: Confirm lastmeal data upload
Change-Id: I9f7386c6c813c2790dcba1c79ce80531b6819b65
Signed-off-by: George Lee <geolee@google.com>
2023-10-31 04:10:23 +00:00
Mike Wang
e0cc9659dd Grant the MDS access to the IPowerStats hal service. am: b256bc86c0 am: ea3e7e07b1
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24887316

Change-Id: I41c7b162db1fab83ad1f5f549c8b9083e8443f7a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-10-05 17:11:46 +00:00
Mike Wang
ea3e7e07b1 Grant the MDS access to the IPowerStats hal service. am: b256bc86c0
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24887316

Change-Id: I6e51e56d42bb6143a58666112de9efac8a5d0c8f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-10-05 16:24:15 +00:00
Mike Wang
b256bc86c0 Grant the MDS access to the IPowerStats hal service.
ref logs:
09-06 10:07:18.006   536   536 I auditd  : avc:  denied  { find } for pid=22543 uid=10225 name=android.hardware.power.stats.IPowerStats/default scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:hal_power_stats_service:s0 tclass=service_manager permissive=1
09-06 10:07:18.010 22543 22543 I auditd  : type=1400 audit(0.0:65): avc:  denied  { call } for  comm="pool-4-thread-1" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=1 app=com.google.mds

Test: Tested with MDS app and the MDS can get IPowerStats binder and
call the interface.

Bug: 297250368
Change-Id: I54b6b93179987b9db23d5327711338553906134c
2023-09-28 15:22:58 +00:00
Leo Liou
764e677ff0 gs201: ufs_firmware_update: add scsi directory permission am: e39998954f am: fc3bc416f2
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24752203

Change-Id: I316f7ef124e388466caf94dddb161ae178ff7840
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-19 05:22:28 +00:00
Leo Liou
fc3bc416f2 gs201: ufs_firmware_update: add scsi directory permission am: e39998954f
Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs201-sepolicy/+/24752203

Change-Id: Iad507da50c43cc68cf37a7733c3b4d432008d9a1
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-19 04:27:42 +00:00